[FR] Block IP's from showing 404's in the dashboard #332

Open
bryandugan opened this issue Feb 21, 2025 · 2 comments
Labels
enhancement New feature or request

Comments

@bryandugan

We are currently running Tenable security scans on our sites, which try to access any common URL with a security vulnerability and report it back to the security team. Our scans run once a week, and the list of URLs they try to access can be in the hundreds, with new URLs added each scan, which, over time, has brought my 404 list up to nearly 1,000. This makes it difficult for me to actually manage 404s that normal users have tried to access and make sure those are resolved.

It would be beneficial to have some sort of settings section that will allow us to block a list of IP addresses from showing up in the dashboard and the number of 404s that need to be resolved.

@bryandugan bryandugan added the enhancement New feature or request label Feb 21, 2025
@khalwat
Contributor

khalwat commented Feb 24, 2025

Would you want to block IP addresses, or block URLs?

@bryandugan
Author

I would like to block specific IP addresses from allowing results to show if possible. Unless you think ignoring URLs from showing up would be better in this scenario. The IS team sent me a list of about 10 IPs from which the scans run.

In one of the scans, the Tenable bot searched all Sendgrid directories with sensitive information to see if the bot could access those pages. It added around 50 URLs to the list when it tried to test for security vulnerabilities there. Or it would try to access things like the wp-config file in WordPress, .env files, config files, or common dashboard URLs such as /admin, /dashboard, along with variations of other CMS dashboard URLs.
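
An added example, not part of this thread or the project's code: excluding 404 records by source IP or CIDR range, so that only 404s from non-scanner clients remain to resolve. The addresses, records and function names are constructed for illustration (documentation ranges, not the IS team's list).

```python
import ipaddress
from collections import Counter

# Constructed scanner sources (documentation ranges, not real scanner IPs).
SCANNER_SOURCES = ["192.0.2.10", "192.0.2.11", "198.51.100.0/28"]

# Constructed 404 records: (client IP, requested path).
SAMPLE_404S = [
    ("192.0.2.10", "/wp-config.php"),
    ("192.0.2.11", "/.env"),
    ("198.51.100.7", "/admin"),
    ("203.0.113.45", "/blog/old-post"),
    ("203.0.113.45", "/blog/old-post"),
    ("203.0.113.80", "/dashboard"),   # probe-like path, but not a listed scanner
    ("not-an-ip", "/pricing-2023"),   # malformed client address
]

def parse_sources(entries):
    """Turn single IPs and CIDR ranges into network objects."""
    return [ipaddress.ip_network(e, strict=False) for e in entries]

def is_scanner(client_ip, networks):
    """True when client_ip falls inside any excluded network."""
    try:
        addr = ipaddress.ip_address(client_ip)
    except ValueError:
        return False  # unparseable address: keep the record visible
    return any(addr in net for net in networks)

def split_404s(records, networks):
    """Return (user_hits, scanner_hits) as Counters keyed by path."""
    user_hits, scanner_hits = Counter(), Counter()
    for client_ip, path in records:
        bucket = scanner_hits if is_scanner(client_ip, networks) else user_hits
        bucket[path] += 1
    return user_hits, scanner_hits

if __name__ == "__main__":
    users, scanners = split_404s(SAMPLE_404S, parse_sources(SCANNER_SOURCES))
    print("404s to resolve:", dict(users))
    print("Excluded scanner 404s:", dict(scanners))
```

Filtering by source leaves `/dashboard` from an unlisted client in the list to resolve, which is the practical difference between excluding IPs and excluding URLs.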
